Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for generating, at a user computer connectable to a server via a network, a secret cryptographic key of the user computer, the method comprising: providing at the user computer a secret user value; providing at the server a secret server value and a check value which encodes the secret user value and a user password; at the user computer, in response to input of an input password, encoding the secret user value and the input password to produce a first value corresponding to said check value, and communicating the first value to the server via the network; at the server, in response to communication of the first value, comparing the first value and the check value to check whether the input password equals the user password and, if so, encoding the first value and said secret server value to produce a second value and communicating the second value to the user computer via the network; and at the user computer, in response to communication of the second value, generating the secret cryptographic key by encoding the second value, the input password and the secret user value.
2. A method as claimed in claim 1 including, in a setup procedure, prior to generation of said key: at the user computer, in response to input of said user password, encoding the secret user value and the user password to produce said check value, and communicating the check value to the server via the network; and at the server, storing the received check value.
3. A method as claimed in claim 2 including, in said setup procedure: at the user computer, generating and storing the secret user value; and at the server, generating and storing the secret server value.
4. A method as claimed in claim 2 wherein the setup procedure includes: at the server, encoding said received check value and said secret server value to produce said second value and communicating the second value to the user computer via the network; and at the user computer, in response to communication of the second value, generating the secret cryptographic key for a first time by encoding the second value, the user password and the secret user value, using the key in a cryptographic operation, and deleting the user password, the check value, the second value and the key after use.
5. A method as claimed in claim 1 including: providing at the user computer a user identifier for uniquely identifying the user computer to the server; at the server, providing the user identifier with the check value for the user computer; and at the user computer, communicating the user identifier to the server with said first value.
6. A method as claimed in claim 5 including, at the user computer, encoding the user identifier in the first value.
7. A method as claimed in claim 5 including, at the user computer, encoding the user identifier in the cryptographic key.
8. A method as claimed in claim 5 including, at the server, encoding the user identifier in the second value.
9. A method as claimed in claim 6 including: at the server, providing a server identifier for uniquely identifying the server to the user computer; at the user computer, retrieving the server identifier and encoding the server identifier in said first value; at the server, encoding the server identifier in the second value; and at the user computer, encoding the server identifier in the cryptographic key.
10. A method as claimed in claim 1 including establishing, via interaction of the user computer and the server, a secure channel over said network, wherein said communicating by the user computer and server is conducted over the secure channel.
11. A method as claimed in claim 1 including, at the server, implementing a throttling mechanism in dependence on whether the input password equals the user password.
12. A method as claimed in claim 1 wherein: the check value encodes the secret user value and the user password via a hash function; the user computer produces the first value by encoding the secret user value and the input password via said hash function; the server produces the second value by encoding the first value and the secret server value via said hash function; and the user computer generates the secret cryptographic key by encoding the second value, the input password and the secret user value via said hash function.
13. A computer program product, the computer program product comprising a non-transitory computer readable storage medium having program instructions embodied therewith, the program instructions executable by a computer to cause the computer to perform: providing at the user computer a secret user value; providing at the server a secret server value and a check value which encodes the secret user value and a user password; at the user computer, in response to input of an input password, encoding the secret user value and the input password to produce a first value corresponding to said check value, and communicating the first value to the server via the network; at the server, in response to communication of the first value, comparing the first value and the check value to check whether the input password equals the user password and, if so, encoding the first value and said secret server value to produce a second value and communicating the second value to the user computer via the network; and at the user computer, in response to communication of the second value, generating the secret cryptographic key by encoding the second value, the input password and the secret user value.
14. A user computer for communicating with a server via a network to generate a secret cryptographic key of the user computer, said server storing a secret server value and a check value which encodes a secret user value of the user computer and a user password, wherein the user computer comprises memory for storing said secret user value, a user interface, a communications interface for communicating with the server via the network, and control logic adapted: in response to input via said user interface of an input password, to encode said secret user value and the input password to produce a first value corresponding to said check value, and to communicate the first value to the server via said communications interface; and in response to communication by the server of a second value produced by encoding the first value and said secret server value, to generate the secret cryptographic key by encoding the second value, the input password and the secret user value.
15. A server for use in generating a secret cryptographic key of a user computer, storing a secret user value, which is connectable to the server via a network, the server comprising: memory for storing a secret server value and a check value which encodes said secret user value and a user password; a communications interface for communicating with the user computer via the network; and control logic adapted, in response to receipt from the user computer of a first value which corresponds to said check value and encodes said secret user value and an input password, to compare the first value and the check value to check whether said input password equals said user password and, if so, to encode the first value and said secret server value to produce a second value, and to communicate the second value to the user computer via said communications interface.
Unknown
December 19, 2017
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.